Справочник Пользователя для D-Link DSR-1000
Unified Services Router
User Manual
94
Figure 57 : IP sec poli cy conf igura tio n co ntinue d (Auto policy via IK E)
A Manual policy does not use IKE and instead relies on manual keying to exchange
authentication parameters between the two IPsec hosts. The incoming and outgoing
security parameter index (SPI) values must be mirrored on the remote tunnel
endpoint. As well the encryption and integrity algorithms and keys must match on the
remote IPsec host exactly in order for the tunnel to establish successfully. Note that
using Auto policies with IKE are preferred as in some IPsec implementations the SPI
(security parameter index) values require conversion at each endpoint.
authentication parameters between the two IPsec hosts. The incoming and outgoing
security parameter index (SPI) values must be mirrored on the remote tunnel
endpoint. As well the encryption and integrity algorithms and keys must match on the
remote IPsec host exactly in order for the tunnel to establish successfully. Note that
using Auto policies with IKE are preferred as in some IPsec implementations the SPI
(security parameter index) values require conversion at each endpoint.
DSR supports VPN roll-over feature. This means that policies configured on primary
WAN will rollover to the secondary WAN in case of a link failure on a primary
WAN. This feature can be used only if your WAN is configured in Auto-Rollover
mode.
WAN will rollover to the secondary WAN in case of a link failure on a primary
WAN. This feature can be used only if your WAN is configured in Auto-Rollover
mode.